Security review at Trusts

14th December 2007

NHS trusts have been given orders by the Chief Executive David Nicholson to "immediately review" and strengthen their data transfer security procedures.

In a letter sent out on 4 December, he states that trusts need to look at their internal policies for the exchange of information. The letter urges trusts to purchase extra security "expertise" and to double check their policies for electronic equipment.

Mr Nicholson makes a reference to â€śrecent concerns about public sectorâ€? in his letter, although he does not refer to the loss of confidential information by HM Revenue and Customs in November.

The letter says: â€śNo element of information governance, as provided in the information governance toolkit, should be neglected, but priority must be given to securing improvements in the in the security of data in transit."

NHS trust executives are given a checklist of steps in the letter. They are told to look at systems and procedures, and to make any necessary improvements.

They are also informed that they must not send information in bulk - unless absolutely necessary - until the security measures have been addressed.

Mr Nicholson says in the letter that he wants the executives to ensure that all policies set down in the past by the Department of Health are being followed.

The letter ends by saying that executives should look closely at the issues so that the public can be confident that the NHS will protect their information securely.